Skip to content

Strict mode gates (signatures + caps) #67

New issue
New issue
Open
Open
Strict mode gates (signatures + caps)#67
Assignees
Zyonic88
Labels
area:securitySafety gates and security validationphase:1Self-Incorporation Phase 1 - Core Infrastructuretype:featureNew feature implementation
Milestone
Self-Incorporation v1
@Zyonic88

Description

@Zyonic88
Zyonic88
opened on Sep 19, 2025

Strict mode gates (signatures + caps)

Labels: phase:1, area:security, type:feature
Milestone: Self-Incorporation v1

Description

Enable strict mode which enforces .aether HMAC signatures, plugin ed25519 signatures,
and deny-by-default capability policy.

Acceptance Criteria

  • When AETHERRA_SELFINC_STRICT=1:
    • .aether HMAC signature verification must pass, else quarantine
    • Plugin artifacts must verify ed25519 signature, else quarantine
    • Deny-by-default capability policy; require explicit allowlist
  • Quarantine includes remediation guidance in logs/messages
  • Unit tests for positive path and quarantine path

Metadata

Metadata

Assignees

Labels

area:securitySafety gates and security validationphase:1Self-Incorporation Phase 1 - Core Infrastructuretype:featureNew feature implementation

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions